VPN over Satellite: A comparison of approaches

Written by Richard McKinney and Russell Lambert

Continued from page 1

The remote connection utilized VSAT Systems NetModem II (www.vsat-systems.com/satellite-internet/hardware.html) commissioned for 512 Kbps/512 Kbps service torepparttar Internet. The host side had a cable modem connection running at 3 Mbps/384 Kbps. The 384 Kbps outbound connection limitedrepparttar 133338 ability to testrepparttar 133339 full 512 Kbps download capability ofrepparttar 133340 satellite modem, but it did provide adequate results to compare relative speeds of encrypted and unencrypted data coming fromrepparttar 133341 host.

The latency ofrepparttar 133342 VSAT Systems satellite link (www.vsat-systems.com) used in these tests ranged from approximately 550 ms to 625 ms. Some satellite connections (www.skycasters.com) have much higher latencies. Depending uponrepparttar 133343 satellite hardware and subscription policy ofrepparttar 133344 service provider, latencies of 800 ms to as much at 2,000 ms have been observed.

The performance of any shared bandwidth system varies throughoutrepparttar 133345 day. To minimize bandwidth effects on results, five iterations of each test ran at different times. To further reducerepparttar 133346 influence of bandwidth fluctuations,repparttar 133347 testing sequence progressed through all six files, once in each direction, before repeatingrepparttar 133348 transfer of any one file. For example,repparttar 133349 500 K text file ran throughrepparttar 133350 SLE tunnel, thenrepparttar 133351 IPsec circuit, and finally inrepparttar 133352 clear.

Next a 500 K binary file passed through each circuit, and so on. Each interleaved sequence of transfers repeated five times. An efficient VPN solution must do more than simply transfer files proficiently. The time to establish a TCP/IP session can significantly impact how applications run across a high-latency connection. To gain an indication ofrepparttar 133353 rate at whichrepparttar 133354 connections could establish TCP/IP sessions,repparttar 133355 test procedure transferred a directory file and a group of web pages back and forth.

The time required to establish a TCP/IP session can have a noticeable impact onrepparttar 133356 performance of some web-enabled applications. Since each file included in a web page requiresrepparttar 133357 browser to start a new HTTP connection torepparttar 133358 server, a page with multiple graphics, framed text, or media in external files will cause a delay as multiple connections open and close. Similar circumstances occur in FTP connections as a client traversesrepparttar 133359 server’s file structure if that action involves multiple files.

To illustrate TCP/IP session initiation efficiency,repparttar 133360 test protocol included two additional procedures. First, each server transferred a directory containing files of different sizes and composition over and back acrossrepparttar 133361 connections using FTP. Second,repparttar 133362 servers moved a series of web pages to and fromrepparttar 133363 remote site using HTTP. Since both FTP and HTTP must establish a new connection for each file, this procedure provided a method to assess start/restart timing issues associated with VPN tunnels extended across satellite links. For convenience,repparttar 133364 FTP and HTTP tests measuredrepparttar 133365 total time required to transferrepparttar 133366 respective data from one side to another, notrepparttar 133367 time to reestablish each individual connection.

Results The 3DES Selective Layer Encryption technology proved consistently faster than IPsec encryption in all three categories: FTP file transfer, FTP directory transfer, and HTTP web page downloads. This is as expected because SLE leavesrepparttar 133368 TCP/IP headers inrepparttar 133369 clear which allowsrepparttar 133370 satellite operator to perform IP spoofing or TCP acceleration.

In half ofrepparttar 133371 FTP file transfers, Selective Layer Encryption attained higher data transfer rates thanrepparttar 133372 unencrypted circuit. Data moved 20% slower overrepparttar 133373 IPsec connection than it did overrepparttar 133374 unencrypted channel when moving from host to remote and 38% slower going fromrepparttar 133375 remote torepparttar 133376 host. Bothrepparttar 133377 graph on page 3 entitled FTP to Remote Site andrepparttar 133378 one above labeled FTP from Remote Site presentrepparttar 133379 mean values for five iterations of each file type.

Selective Layer Encryption also performed well inrepparttar 133380 TCP/IP intensive tests involving directories and web pages. When downloadingrepparttar 133381 directory information torepparttar 133382 remote site, SLE performed only 7% slower thanrepparttar 133383 unencrypted connection compared with 25% forrepparttar 133384 slower IPsec protocol. Inrepparttar 133385 opposite direction,repparttar 133386 SLE connection completedrepparttar 133387 task only 3% behindrepparttar 133388 unencrypted connection whilerepparttar 133389 IPsec circuit ran 14% slower.

Inrepparttar 133390 web page test, SLE completedrepparttar 133391 task 0.5% faster thanrepparttar 133392 unencrypted circuit when moving data fromrepparttar 133393 host torepparttar 133394 remote site. Reversing direction reducedrepparttar 133395 SLE performance relative torepparttar 133396 clear channel: SLE took 6% longer. The IPsec connection pulled downrepparttar 133397 web pages 5% slower thanrepparttar 133398 unencrypted circuit going from host to remote and 66% slower when run fromrepparttar 133399 remote site.

As mentioned earlier, satellite latency varies with equipment and service quality. Longer latencies, while affecting allrepparttar 133400 results, will have a more severe impact onrepparttar 133401 IPsec connection than either ofrepparttar 133402 other two protocols in this test.

Conclusions Any encryption technique over any connection imposes some performance loss. Performance also suffers as a function of increased latency. Some ofrepparttar 133403 geo-synchronous satellite services available today, however, have sufficiently low latencies (550 to 625 ms) that even an IPsec VPN becomes practical.

But asrepparttar 133404 results of these tests clearly indicate, IPsec encryption significantly reducesrepparttar 133405 performance of TCP/IP over a high latency connection. The Encore VSR-30 with Selective Layer Encryption technology combines with VSAT Systems high-end satellite equipment (www.vsat-systems.com) offers an efficient method to achieve fast, secure 3DES encryption when using a satellite link to accessrepparttar 133406 public Internet.


Collaboration Software - Building an office without walls.

Written by Mike Nielsen

Continued from page 1

There are essentially two types of collaboration software. Most collaboration software is centralized, which requires an IT infrastructure to make it usable. Setting up an IT infrastructure can be very expensive and time consuming. Collaboration software that is centralized can be very beneficial for team collaboration but it sometimes requires that all who wish to sharerepparttar collaboration documents haverepparttar 133337 same software set up on their computer. Some ofrepparttar 133338 collaboration that requiresrepparttar 133339 use of an IT infrastructure includesrepparttar 133340 following:

• Groove Network

• Microsoft Sharepoint

• Documentum

• Filenet

There is another type of collaboration software which does not requirerepparttar 133341 use of an IT infrastructure and requires very little installation time. NextPage is one example of collaboration software that doesn’t require an expensive IT infrastructure. Another advantage that NextPage has is that you can share documents with anyone; they don’t have to haverepparttar 133342 NextPage software on their machine to viewrepparttar 133343 documents that you send them. This can be useful if you are preparing a document for a client where you needrepparttar 133344 input and editions from your fellow co-workers but then want to sendrepparttar 133345 finished product to your client who isn’t usingrepparttar 133346 same software. He/she can still open uprepparttar 133347 document when they receive it and you can easily track editions torepparttar 133348 document using NextPage’s collaboration software.

As you can see, using collaboration software can be very beneficial to keeping documents you share in your office and with clients organized and up-to-date. Withrepparttar 133349 implementation of collaboration software, you can create an office without walls and without bounds with regards to productivity and organization. All that remains is for you to go get it, and get it implemented!

Mike Nielsen is a client account specialist with 10xmarketing - More Visitors. More Buyers. More Revenue. For more information about collaboration software, visit NextPage.com

    <Back to Page 1
ImproveHomeLife.com © 2005
Terms of Use